Real-World PHP Security

Understanding the most common security threats to PHP applications is the first step to securing yours.

Safe Mode

PHP's Safe mode is something you should learn to work with
whether you are a PHP developer or a system administrator.
Safe mode is a set of configuration options that allow
the system administrator to alter the behavior of the PHP
interpreter by implementing security measures. From
a system administrator's point of view, this means you must learn how to
implement this feature properly, without making it impossible
for developers to set up their applications on your server. From
a developer's point of view, you must learn what possibly
could get broken in your application if this feature is turned on.

Turning safe_mode on makes sense if you manage a shared server that
serves PHP applications and the PHP developers using this server are
not trusted. Enabling safe_mode in your php.ini file effectively makes
any file-related operation in any of your scripts impossible unless the
UID of the owner of the file is the same as the UID of the running script.
PHP also gives you the ability to change this policy while safe_mode is
on by turning on the safe_mode_gid option. In this case, PHP checks for the GID of the files you are trying to work with instead of their UID.

It also is good practice to not let your users execute any system
binary they want; safe_mode_exec_dir comes into play here.
This priceless feature lets you tell PHP not to perform any binary
execution, through exec() or any other function, unless the binary is
located in the safe_mode_exec_dir, such as /usr/local/php/bin.

Once you have familiarized yourself with the restrictions implemented by
PHP when safe_mode is enabled, you should be able to develop software
that doesn't break when it's run on servers with this directive enabled.
Many ISPs use safe_mode.
The simple guidelines to follow are:

Try to limit file operations, whether read or
write, to the files you have provided with your
application.

Do not rely on external software to be installed
or executable by your script unless your project
is running on only your servers.

System administrators also have at their disposal other
powerful tools to ensure the overall security of their systems.
These tools include disable_functions that prevent specified functions from
being called, as well as options such as open_basedir, which limit any file operation to a specific directory.

The PHP documentation team has provided an extensive amount of literature
on the subject. They also have provided documentation for every aspect of
safe_mode and related functions and directives.